Framework for views in big projects on Django.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for orsinium from gravatar.com orsinium

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Lesser General Public License v3 or later (LGPLv3+) (GNU Lesser General Public License v3.0)
  • Author: orsinium
  • Tags djbrut, django, bruteforce, protection, security, redis
Classifiers

Project description

DjBrut – simple brutforce protection for Django project.

Default checkers:

  • Max requests for IP.

  • Max requests for user.

  • Max requests for one CSRF-token (stupid but effective).

  • Max requests frequency limitation.

DjBrut use Redis as storage for all counters.

Installation

sudo pip3 install djbrut

Usage

from django.http import HttpResponse
from djbrut import Attempt

def some_view(request):
    attempt = Attempt('some rule type name', request)
    # check
    if not attempt.check():
        # error
        return HttpResponse(attempt.error)
    # success
    ...

You can see example project for more details.

Configuring

Just set up rules:

BRUTEFORCE_LIMITS = {
    'default': Rule(
        user=100,       # max requests for one user by BRUTEFORCE_TIMELIMIT
        ip=300,         # max requests for one IP by BRUTEFORCE_TIMELIMIT
        csrf=50,        # max requests with one CSRF token by BRUTEFORCE_TIMELIMIT
        freq=0,         # max request frequency for client [seconds]
    ),
    'some rule type name': Rule(
        user=100,       # max requests for one user by BRUTEFORCE_TIMELIMIT
        ip=300,         # max requests for one IP by BRUTEFORCE_TIMELIMIT
        csrf=50,        # max requests with one CSRF token by BRUTEFORCE_TIMELIMIT
        freq=0,         # max request frequency for client [seconds]
    ),
}

Attempt get rule type name as first arg. If rule type name not found in keys of BRUTEFORCE_LIMITS, ‘default’ will be used. If you don’t set default rule then passed rule type must be exists in BRUTEFORCE_LIMITS keys.

BRUTEFORCE_TIMELIMIT – time to live for all attempts counters.

You can see default settings for more params such as custom error message.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for orsinium from gravatar.com orsinium

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU Lesser General Public License v3 or later (LGPLv3+) (GNU Lesser General Public License v3.0)
  • Author: orsinium
  • Tags djbrut, django, bruteforce, protection, security, redis
Classifiers

Release history Release notifications | RSS feed

1.0.0

This version

0.8.1

0.8.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

djbrut-0.8.1.tar.gz (7.1 kB view details)

Uploaded Source

File details

Details for the file djbrut-0.8.1.tar.gz.

File metadata

  • Download URL: djbrut-0.8.1.tar.gz
  • Upload date:
  • Size: 7.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for djbrut-0.8.1.tar.gz
Algorithm Hash digest
SHA256 2ec6ca5f82d586e904142307037e02aecf76555b26e9846376ff73175412795a
MD5 bcc39f36df2a215d237185faeddd6ac1
BLAKE2b-256 6d8cdf017c23eae64535d92a8d8ab3ed06ae6800fec42fb3b4313c569ad0591e

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page